This repository has been archived by the owner on Jul 26, 2022. It is now read-only.

Volume front end API #78

Closed
silasbw opened this issue Jun 2, 2019 · 1 comment

silasbw commented Jun 2, 2019

kubernetes-external-secrets currently has a single "front end" that writes backend data to Secret objects (and Pods manipulate the Secret objects in the usual ways). The goal of this issue is to define the API for a new frontend that writes data to a Volume. This is part of the effort to avoid putting Secrets in ETCD.

The Volume frontend API must allow engineers to declare how kubernetes external secrets writes external secret data to a Volume. One approach is to use annotations on the Pod to identify which volumes in .spec.volumes represent an ExternalSecret:

```yaml
kind: Pod
metadata:
  annotations:
    externalsecrets.kubernetes-client.io/volume/db-secrets: 'true'
    externalsecrets.kubernetes-client.io/volume/client-secrets: 'true'
spec:
  containers:
  - name: test
    image: busybox
    volumeMounts:
      - name: db-secrets
        mountPath: /db-secrets
      - name: client-secrets
        mountPath: /client-secrets
      - name: other-stuff
        mountPath: /stuff
  volumes:
  - name: db-secrets
    emptyDir:
      medium: "Memory"
  - name: client-secrets
    emptyDir:
      medium: "Memory"
  - name: other-stuff
    configMap:
      name: stuff-config
```

We should discuss the pros and cons of an approach like this and discuss other potential approaches.
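
The annotation lookup proposed in the comment above, sketched from the controller's side as an added example (not code from the issue or from kubernetes-external-secrets). `resolveSecretVolumes`, the `samplePod` object and the rule that a target must be a memory-backed `emptyDir` are assumptions made for illustration.

```javascript
// Added example; function name and checks are assumptions, not project code.
const ANNOTATION_PREFIX = 'externalsecrets.kubernetes-client.io/volume/';

// Split annotated volumes into safe write targets and misconfigurations.
function resolveSecretVolumes(pod) {
  const annotations = (pod.metadata && pod.metadata.annotations) || {};
  const volumes = (pod.spec && pod.spec.volumes) || [];
  const byName = new Map(volumes.map((v) => [v.name, v]));
  const targets = [];
  const problems = [];
  for (const [key, value] of Object.entries(annotations)) {
    if (!key.startsWith(ANNOTATION_PREFIX) || value !== 'true') continue;
    const name = key.slice(ANNOTATION_PREFIX.length);
    const volume = byName.get(name);
    if (!volume) {
      // Annotation names a volume the Pod never declares.
      problems.push(`${name}: not found in .spec.volumes`);
    } else if (!volume.emptyDir || volume.emptyDir.medium !== 'Memory') {
      // Assumed rule: secret data should only land on tmpfs, never node disk.
      problems.push(`${name}: not a memory-backed emptyDir`);
    } else {
      targets.push(name);
    }
  }
  return { targets, problems };
}

// Constructed sample: the issue's Pod plus two deliberate misconfigurations.
const samplePod = {
  kind: 'Pod',
  metadata: {
    annotations: {
      [`${ANNOTATION_PREFIX}db-secrets`]: 'true',
      [`${ANNOTATION_PREFIX}client-secrets`]: 'true',
      [`${ANNOTATION_PREFIX}other-stuff`]: 'true', // a configMap, not emptyDir
      [`${ANNOTATION_PREFIX}cache`]: 'true', // not declared below
    },
  },
  spec: {
    volumes: [
      { name: 'db-secrets', emptyDir: { medium: 'Memory' } },
      { name: 'client-secrets', emptyDir: { medium: 'Memory' } },
      { name: 'other-stuff', configMap: { name: 'stuff-config' } },
    ],
  },
};

console.log(resolveSecretVolumes(samplePod));
```
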

silasbw added a commit that referenced this issue Jun 9, 2019
Propose and document an API for writing secret data to volumes.

See: #78
silasbw pushed a commit that referenced this issue Jun 19, 2019
Propose and document an API for writing secret data to volumes.

See: #78

silasbw commented Jun 25, 2019

I think we have an OK first pass at this: https://github.com/godaddy/kubernetes-external-secrets/blob/master/api.md

silasbw closed this as completed Jun 25, 2019